A.I.-Based Protection from Spear Phishing, Account Takeover, and Business Email Compromise
Frequently Asked Questions
What is the difference between phishing and spear phishing?
Phishing attacks are mass emails that typically try to steal user credentials by getting victims to click on a link that leads them to a fake sign-up page. Once victims type in their credentials on the fake page, the attackers essentially gain access to a user’s bank account, email or other sensitive data. Phishing attacks are typically sent to a large number of recipients and are usually not personalized to a specific person or target.
Spear phishing attacks are highly targeted and researched personal attacks. Typically attackers will send the target a series of innocent-seeming messages in order to trick them into making a wire transfer or sending confidential information. These attacks are difficult to intercept because they do not contain suspicious links or attachments, and are not mass emails that can be matched across many users.
What is Business Email Compromise, or BEC?
In 2013, the FBI began tracking business email compromise (BEC), where attackers target employees with access to company finances and trick them into making wire transfers to bank accounts thought to belong to trusted partners—except the money ends up in accounts controlled by criminals. The scammers use a variety of tactics to fool their victims; however, they typically start with a well-executed spear phishing attack. They might spend weeks or months studying their victims (vendors, billing systems, communications style) and then send an email requesting that some amount of money be sent urgently to a “trusted” vendor. Because of the personal nature of the attack (the familiar vendor, the “authority figure” such as a manager or CEO, the urgent request), legacy email security solutions fail to detect them. The FBI estimates that more than $5 billion has been lost to BEC in recent years.
What do you mean by 'impersonation' attack?
Spear phishing attacks rely on impersonation. The attacker pretends to be, or impersonates, someone you know and engages in conversation to build trust. This conversation frequently takes place over email but can happen over other communications platforms as well (e.g., chat, text messages, social networks). The attackers go to great lengths to pull off a successful impersonation attack, carefully researching personal details of their victims to know things like place of employment, impending transactions, where their kids go to school, who their favorite sports teams are, and so forth. The attacker often engages in multiple messages back and forth before requesting sensitive information (such as credentials, a wire transfer, or employee tax information).
What is DMARC?
DMARC, or Domain-based Message Authentication, Reporting & Conformance, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols to improve and monitor the protection of the domain from fraudulent email. If it is set up correctly and enforced, DMARC makes sure that only the legitimate owner of a domain can send emails from it. This prevents attackers from sending emails on behalf of domains they do not own ("spoofing"), and therefore eliminates many kinds of phishing and spear phishing attacks. Spoofing can be used both against the owner of the domain and against customers and business partners. Therefore, DMARC is a key component in protecting both people and brands.
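To show what "set up correctly and enforced" means in practice, the following added example (not Barracuda code) audits the DMARC TXT record a domain publishes at _dmarc.<domain>. The function names, the sample records, and the rule that "enforced" means p=quarantine or p=reject at pct=100 with subdomains covered are assumptions made for this illustration.

```python
def parse_dmarc(txt: str) -> dict:
    """Split a DMARC TXT record into lowercase tag -> value pairs."""
    pairs = [p.split("=", 1) for p in txt.split(";") if "=" in p]
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def audit_dmarc(txt: str) -> tuple[bool, list[str]]:
    """Return (enforced, findings) for one DMARC record."""
    tags = parse_dmarc(txt)
    findings = []
    policy = tags.get("p", "none").lower()
    pct = int(tags.get("pct", "100"))       # default: policy covers all mail
    sub_policy = tags.get("sp", policy).lower()  # subdomains inherit p
    if policy == "none":
        findings.append("p=none: monitoring only, failing mail is still delivered")
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if policy != "none" and sub_policy == "none":
        findings.append("sp=none: subdomains can still be spoofed")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports to monitor domain usage")
    # Assumed definition of "enforced" for this example.
    enforced = (policy in ("quarantine", "reject")
                and pct == 100 and sub_policy != "none")
    return enforced, findings


# Constructed sample records; example.com is a placeholder domain.
SAMPLES = {
    "monitor": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "partial": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com",
    "enforced": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, audit_dmarc(record))
```

A record that stays at p=none authenticates nothing on the receiving side; it only produces reports, which is why the audit treats it as not enforced.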
What is Barracuda Sentinel?
Barracuda Sentinel is the leading comprehensive AI solution for real-time defense against business email compromise, spear phishing, account takeover, social engineering attacks, impersonation, and other cyber fraud. Delivered as a cloud service, Barracuda Sentinel combines three powerful layers—an artificial intelligence engine that stops spear phishing in real time, API-based architecture to learn from historical communication patterns, and brand protection using DMARC authentication—into a comprehensive solution that protects people, businesses, and brands from these personalized attacks. Barracuda Sentinel integrates with popular communications platforms such as Microsoft Office 365, to learn your organization’s unique communications patterns to predict and prevent future attacks. This messaging intelligence allows Sentinel to identify anomalies and stop these attacks in real time with zero impact on network performance or user experience.
How does the artificial intelligence engine work?
Barracuda Sentinel is powered by a multi-layer AI engine that detects and blocks spear phishing and socially engineered attacks in real time and identifies which employees are at highest risk. We combine information from multiple signals to learn the unique communications patterns of each organization and to analyze the content of the messages for sensitive information. Barracuda Sentinel combines this messaging intelligence to determine with a high degree of accuracy whether an email is part of a spear phishing attack that uses socially engineered tactics.
What happens when a spear phishing attack is detected?
Messages identified as impersonation attempts, BEC, or spear phishing attacks are either deleted or automatically moved to the junk folder in the end user’s mailbox, and the user and administrator receive an alert about the potential threat.
How does Barracuda Sentinel help with DMARC?
Barracuda Sentinel helps prevent domain spoofing and brand hijacking with a set of tools to help companies implement DMARC. Using Barracuda Sentinel, companies can monitor DMARC data on their domain, and get actionable insight on legitimate and fraudulent usage of their domain.
What type of training is included with Barracuda Sentinel?
Barracuda Sentinel leverages intelligence gathered from our machine learning algorithms to identify high-risk individuals within an organization. Once identified, Barracuda Sentinel offers a set of tools (including more than 100 templates designed after the most common spear phishing attempts) to periodically and automatically train and test the security awareness of those employees with simulated attacks.
Integration with Other Barracuda Solutions
Do I need to have other Barracuda products in place for Barracuda Sentinel to work?
No. Barracuda Sentinel is a standalone product. Because it integrates directly with the Office 365 API, there's no impact on your network performance or existing email security infrastructure. We offer discounts on Barracuda Sentinel for existing Barracuda Essentials or Barracuda Email Security Gateway customers and for customers who purchase Barracuda Essentials or Barracuda Email Security Gateway alongside Barracuda Sentinel.
If I have Barracuda Essentials, do I need Barracuda Sentinel—or vice versa?
Barracuda Essentials and Barracuda Sentinel are designed to be complementary security solutions to keep customers safe and productive in Office 365 environments.
Barracuda Sentinel is a comprehensive AI solution to guard against targeted attacks with real-time spear phishing and cyber fraud defense.
Barracuda Essentials for Office 365 combines cloud-based security, archiving, and backup for Office 365 environments into a single, comprehensive solution, including:
- Enhanced Email Security augments security for both inbound and outbound email, including enhanced protection from spam, malware, viruses, and phishing emails. We also add a powerful, rules-based outbound email filter to prevent data from leaving your organization, and email encryption for keeping highly sensitive or confidential information safe.
- Cloud Archiving Service leverages Office 365’s journaling feature to ensure that all emails are archived and that they can be easily searched.
- Streamlined Backup and Recovery provides an unlimited cloud backup of all your emails and files, and the recovery process is much simpler and faster than the standard Office 365 recovery process.
Barracuda Sentinel is available as a standalone product and works alongside any existing email security solutions (including Barracuda Essentials, native Office 365 Exchange Online Protection, and others). It is also available at a discount to Barracuda Essentials customers who want to enhance their security posture with spear phishing and cyber fraud protection.
How much time will I spend installing and maintaining Barracuda Sentinel?
It takes less than five (5) minutes to get started with Barracuda Sentinel. You simply need Office 365 admin credentials to connect your account, and you can be set up within minutes. Barracuda Sentinel’s API-based architecture has no impact on network performance, user experience, or your existing email security architecture. It's 100% cloud delivered, without any hardware or software to install or maintain.
Office 365 already has security features. Why would I need additional protection?
It’s true that certain Office 365 plans come with Exchange Online Protection and Compliance Center, which provides an initial layer of security. However, there are no native security features in Office 365 designed to stop Business Email Compromise, social engineering, and spear phishing attacks.
How do Barracuda Essentials and Barracuda Sentinel differ from Exchange Online Protection?
Barracuda Essentials provides additional layers of security to catch malware and phishing attempts that elude basic Exchange Online Protection. Barracuda Essentials also includes several features that are optional with Exchange Online Protection: advanced threat protection, anti-typosquatting, link protection, and email encryption. Barracuda Sentinel takes that a step further, as a comprehensive solution that guards against highly personalized spear phishing attacks, impersonation attempts, business email compromise, and cyber fraud.
What's Significant About the API-based Approach?
Barracuda Sentinel is the first API-based solution to provide comprehensive protection against account takeover and targeted attacks like spear phishing and business email compromise (BEC). We leverage the APIs of popular communications platforms, such as Office 365, to learn each organization’s unique communications patterns to predict and prevent future attacks. Our innovative technology stops account takeover, spear phishing, and BEC attacks in real time with zero impact on network performance or user experience. This API-based approach is important for several reasons:
- Historical Data: Provides instant access to current and historical data. This historical data is crucial because without understanding the existing communication patterns in the company, it is impossible to detect anomalies and impersonation attempts. Traditional email security solutions would have to collect information for months or years before having enough information to create meaningful profiles.
- Internal Messages: Provides access to internal communications, which gateway solutions cannot see. Internal emails provide a critical record of what’s “normal” in an organization. In addition, many attacks, such as internal phishing emails as a result of an account takeover, emanate from internal accounts. Solutions that cannot view, analyze, and understand internal communications patterns are useless against these types of attacks.
- Simplified Setup and Management: Very easy to set up and has no impact on network performance.
Why do I need Sentinel on top of an existing secure email gateway?
Traditional secure gateways sit between external senders and the user’s mailbox. Therefore, they can only see email as it’s coming in from external sources. They usually rely on global rules and malicious signals to detect email fraud. These solutions are a must-have for detection of large-scale attacks that are coming from external, low-reputation senders or contain malicious code. However, gateways struggle to detect targeted attacks: those that come from trusted senders or that contain links leading to pages that don’t appear to be malicious. Secure gateways have no visibility into internal communications and therefore can’t intercept attacks coming from internal users.
Unlike traditional gateways, Sentinel uses O365 APIs to directly integrate with your employees’ mailboxes, giving it access to external, internal, and historical mail flow. This allows Sentinel AI to learn the behavioral patterns of each user. It can then spot anomalies to flag attacks, rather than using the rule-based approach used by secure gateways. Visibility into internal communications enables Sentinel to detect attacks that originate from internal accounts, which is critical for detecting account takeover. This approach is more effective in detecting sophisticated targeted attacks that get through your secure email gateway.